summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog9
-rw-r--r--src/ls.c3
-rw-r--r--tests/selinux9
3 files changed, 16 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index cf1cffcde..b8805358a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2007-09-05 Jim Meyering <jim@meyering.net>
+
+ Adapt to new SELinux behavior: "?" vs. new "unlabeled"
+ * src/ls.c (gobble_file): Interpret the new "unlabeled" indicator
+ from getfilecon/lgetfilecon the same way we interpret a negative
+ return value: no security context. So we don't print the "+".
+ * tests/selinux: Recognize that "unlabeled" means insufficient
+ support for SELinux, just like "?".
+
2007-09-03 Jim Meyering <jim@meyering.net>
Invoke $(AUTOCONF) manually, if needed to get an updated version string.
diff --git a/src/ls.c b/src/ls.c
index 5eacbad0d..946e71169 100644
--- a/src/ls.c
+++ b/src/ls.c
@@ -2651,7 +2651,8 @@ gobble_file (char const *name, enum filetype type, ino_t inode,
? getfilecon (absolute_name, &f->scontext)
: lgetfilecon (absolute_name, &f->scontext));
err = (attr_len < 0);
- file_has_security_context = (err == 0);
+ file_has_security_context =
+ (err == 0 && ! STREQ ("unlabeled", f->scontext));
/* When requesting security context information, don't make
ls fail just because the file (even a command line argument)
diff --git a/tests/selinux b/tests/selinux
index 087658a39..2026a6a98 100644
--- a/tests/selinux
+++ b/tests/selinux
@@ -1,4 +1,4 @@
-# Is a test expensive?
+# Skip this test if there is insufficient SELinux support.
# Copyright (C) 2007 Free Software Foundation, Inc.
# This program is free software: you can redistribute it and/or modify
@@ -14,9 +14,10 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-test "`ls -Zd .`" = '? .' &&
- {
+case `ls -Zd .` in
+ '? .'|'unlabeled .')
echo "$0: skipping this test; this system (or maybe just" 1>&2
echo " the current file system) lacks SELinux support" 1>&2
(exit 77); exit 77
- }
+ ;;
+esac